This appears to be due to a couple of issues. (1) When the atomic string table is deleted it does not clear the 'inTable' bit on AtomicStrings – it implicitly assumes that all AtomicStrings have already been deleted at this point (otherwise they will crash in their destructor when they try to remove themselves from the atomic string table). (2) We don't fix the ordering in which WTF::WTFThreadData and WebCore::ThreadGlobalData are destructed. We should make sure that ThreadGlobalData is cleaned up before worker threads terminate and WTF::WTFThreadData is destroyed, and we should clear the inTable bit of members on atomic string table destruction.
Created attachment 55150 [details] The patch
Comment on attachment 55150 [details] The patch > + on AtomicStrings â it implicitly assumes that all AtomicStrings have already You should stick to ASCII for ChangeLog. > + void setIsAtomic(bool isIdentifier) > + { > + ASSERT(!isStatic()); > + if (isIdentifier) > + m_refCountAndFlags |= s_refCountFlagIsAtomic; > + else > + m_refCountAndFlags &= s_refCountFlagIsAtomic; > + } Maybe a set/clear pair of functions instead of one that takes a bool would be better.
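Review bot: The else branch of setIsAtomic does not clear the atomic flag. The line "m_refCountAndFlags &= s_refCountFlagIsAtomic;" keeps that one bit and zeroes every other bit of m_refCountAndFlags, which, going by its name, also carries the reference count, so a call with false would corrupt the count while leaving the string marked atomic. Clearing needs the complemented mask: "m_refCountAndFlags &= ~s_refCountFlagIsAtomic;". Separately, the parameter is named isIdentifier although this setter controls the atomic flag; isAtomic would match what the body does.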
(In reply to comment #2)
> Maybe a set/clear pair of functions instead of one that takes a bool would be
> better.

Just to be clear, I’m not asking you to change this right away, just kind of “musing” about it.
(In reply to comment #3)
> Just to be clear, I’m not asking you to change this right away, just kind of
> “musing” about it.

I agree - I did it this way for now to match the setIsIdentifier method. I may switch to set/clear methods for both as a separate patch.
This should be fixed in r58851.